Traditionally, user identity has been proved by something a user has, something a user knows, or something a user is, i.e. a physical characteristic of the user. For example, a user might prove his or her identity with a hardware or software token or badge in their possession. A user also might prove their identity by something they know such as a secret like their mother's maiden name or a password. Alternatively, a user could prove their identity by a physical characteristic of the user like a fingerprint, retina scan or DNA sample. These different mechanisms for proving user identity are available to control access to today's computing devices. However, many of these technologies present challenges for mobile users because of platform constraints such as a lack of a physical keyboard or necessary interfaces for input devices. These constraints make the input of the required information needed to prove identity by a mobile device user difficult or impossible depending upon the desired mechanism. For example, without the right interface a mobile device will not support a fingerprint sensor or smart card and users accustomed to physical keyboards may find it hard to enter passwords through an on-screen keyboard displayed on a touch screen. Furthermore, existing methods of proving user identity that are specifically designed for touch-based devices, like handwriting recognition processes, often require too much storage and/or computing power to work effectively in a limited resource environments, such as where the user identification process is executed by a computing device's firmware.